Hey folks, I know I have probably done a number of things wrong, such as posting this in the wrong place or something, but please forgive me as I'm fairly new to this. Anyway, I was wondering if it was possible to get some help. I'm currently doing a college project on honeypots and as it stands I haven't received much traffic at all, and as the deadline creeps closer and closer I'm starting to panic as to why I have not gotten large amounts of traffic. I was wondering if people could inform me on how to attract some attention fast (i.e. which services to run and ports to open). As it stands I have a simple basic file service and a web service running on a Windows Server 2003 machine.

Along with opening my eyes to what I'm doing horribly wrong, I was wondering: if I gave the IP address of the server out in the post, would people who have a few moments run some typical attacks on the server (won't be challenging) so I can gather some traffic, or does this go against some rules of this site?

Finally, if it doesn't go against the rules and it is possible for people to have a go at attacking the server, I was wondering if it would be possible for those people who do decide to attack the server not to wreck it too much and to keep away from editing any important log files, as I haven't time to re-install and reconfigure everything.

Don't worry, you're not against the ToS. Just put something on the server so we can recognize it's yours. Like set up a web server real quick with a page saying "HTS please test this."

Idk why you're not getting much traffic, but it's probably because you are only 1 IP. Universities and other places like Menlo Park capture thousands of attempts from malware on their honeypots because they own large IP ranges, such as x.x.x.0-255, meaning they own all 256 of those IPs, or Menlo Park, which I believe has x.x.0-255.0-255, meaning they have a /16 IP range. This allows them to capture a lot more.

I'm going to assume you're not getting an abnormally small amount of traffic.

The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.

Just on what fashizzlepop was saying, that's what I was thinking... like I'm a small fish in a very, very, very big pond, so this is what was confusing me, as the lecturer was surprised that I hadn't received much traffic, so I'm wondering, am I doing something wrong? Like, the firewall is off on the server. I've tried opening ports also, but ran a port scan on it and it showed few ports open, but I was wondering, is there a nice list of ports or something to "invite" people in? As far as I know it's in a DMZ, meaning it's in front of the router firewall too. (Am I correct?)

Anyway lads, the IP as of now is 89.100.27.193; if it changes I'll post it up ASAP. As for people doing port scans, the intrusion detection system I'm using (Snort) won't pick it up unless I write a rule, which I'm not sure how to do, but if anyone knows, that'd be super too. However, even if ya want to bombard it with Armitage or something, feel free, just once it won't shut the server down, as I need the summary report if it's possible.
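The port-scan detection asked about above, sketched as an added example that is not part of any post in this thread and is not a Snort rule: a Python pass over connection records that flags any source sending SYNs to many distinct ports on one host within a short window. The log format, the addresses (documentation ranges) and the function names are constructed for illustration, and records are assumed to be in time order.

```python
from collections import defaultdict, deque

# Constructed sample records: "epoch_seconds src_ip dst_ip dst_port tcp_flags"
SAMPLE_LOG = """\
1000 198.51.100.7 192.0.2.10 21 S
1000 198.51.100.7 192.0.2.10 22 S
1001 198.51.100.7 192.0.2.10 23 S
1001 203.0.113.20 192.0.2.10 80 S
1001 203.0.113.20 192.0.2.10 80 A
1002 198.51.100.7 192.0.2.10 80 S
1002 198.51.100.7 192.0.2.10 135 S
1003 198.51.100.7 192.0.2.10 445 S
1005 203.0.113.20 192.0.2.10 80 S
1060 203.0.113.99 192.0.2.10 21 S
1120 203.0.113.99 192.0.2.10 22 S
1180 203.0.113.99 192.0.2.10 23 S
1240 203.0.113.99 192.0.2.10 80 S
1300 203.0.113.99 192.0.2.10 445 S
"""

def parse(line):
    """Split one constructed record into typed fields."""
    ts, src, dst, port, flags = line.split()
    return int(ts), src, dst, int(port), flags

def detect_scans(lines, min_ports=5, window=10):
    """Return {src_ip: sorted ports} for every source that sent bare SYNs to
    at least `min_ports` distinct ports on one destination within `window`
    seconds. Repeated hits on a single port never trigger an alert."""
    recent = defaultdict(deque)      # (src, dst) -> deque of (ts, port)
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, port, flags = parse(line)
        if flags != "S":             # only count new connection attempts
            continue
        q = recent[(src, dst)]
        q.append((ts, port))
        while q and ts - q[0][0] > window:
            q.popleft()              # drop attempts older than the window
        ports = {p for _, p in q}
        if len(ports) >= min_ports:
            alerts.setdefault(src, set()).update(ports)
    return {src: sorted(ports) for src, ports in alerts.items()}

if __name__ == "__main__":
    print(detect_scans(SAMPLE_LOG.splitlines()))
    # A slow scan only shows up with a wider window:
    print(detect_scans(SAMPLE_LOG.splitlines(), window=300))
```

The short window misses the source that probes one port per minute, which is why the second call widens it; the ordinary web client on port 80 is never flagged at either setting.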

McAttack wrote: was wondering is there a nice list of ports or something to "invite" people in.

I noticed that like 4 of your open ports were running the same service. I might be a noob and not realise that that's how it works, but I think rather than opening every port under the sun, maybe run some interesting services? I was getting all hyped up and ready to get my geek on but only found a bunch of standard-looking stuff that provided me with no real attack vector. While doing some research into web exploitation I came across a page giving an example of how to find exploitable servers. It was to google "powered by php v x.xx", so attackers are looking for the said vulnerable service. Maybe put a redundant database on the system that would entice a would-be hacker to go snooping, because I was bored and out of ideas after about 10 mins, though nmap did say something about anonymous FTP login ^_^

Goatboy wrote: Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

Hi, at the moment I have a simple web service and file service running. I started an FTP service but haven't added anything to it. Are there any other interesting services that I could run to attract more attention? I'm just puzzled how it seems quite secure judging by the feedback. Like, there is no firewall on the server and it is placed in a DMZ on a Thompson router. Can someone just correct me if I'm wrong on this, but does that not mean it's not protected by the router's firewall also?

I am just worried, as I approached my lecturer and he thought I'd have too much traffic somehow? But I was thinking the same as you guys: why, out of all the servers out there, would people be attracted to or find my little crap server, as I am a small fish in a big pond.

Since it is a Windows server you could run the Telnet service, then just google how to connect. Also, share the C: drive. Then just go to another PC and try to connect to the PC via Telnet or mapping to the C:\ drive. You can then download, install and just run Wireshark to record all network traffic off the server. Make sure file and printer sharing are on. If you really don't care what happens to the server, you can create a user name with a blank password or maybe even the administrator with a blank password. If you're trying to attract other people you can try nmap and scan the IP range for your network, and that may attract any would-be packet sniffers (possibly). Just set up a batch file to do it like every 5, 10, 15 minutes.